Domain Controller has event log saying that srv_ldap attempted a type of login for which it is not permitted (interactive). However, srv_ldap does have the right to log on interactively, as specified in Group Policy.